MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
openai
Search

Are OpenAI's ChatGPT Actions Being Abused To Scan For Web Vulnerabilities?

Sunday August 25, 2024. 10:47 PM , from Slashdot
Long-time Slashdot reader UnderAttack explains: A blog post at the SANS Internet Storm Center suggests that OpenAI actions are being abused to scan for WordPress vulnerabilities.

Honeypot sensors at the Storm Center detected scans for URLs targeting WordPress that originated exclusively from OpenAI systems. The URLs requested all pages including the pattern '%%target%%', which may indicate that the scan is meant to include additional path components but the expansion of the template failed. The scans were not only identified by the unique user agent but also by the origin IP addresses matching addresses OpenAI published as being used for OpenAI actions. OpenAI actions allow OpenAI to connect to external APIs.

Johannes B. Ullrich, Ph.D., Dean of Research, SANS.edu, wrote that OpenAI seems to be scanning random IP addresses — including honeypots.

Read more of this story at Slashdot.
https://slashdot.org/story/24/08/25/2037200/are-openais-chatgpt-actions-being-abused-to-scan-for-web...

Related News

News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Current Date
Nov, Tue 5 - 12:30 CET